Signature Detail

Short Name	APP:IPSO-FILE-VIEW
Severity	High
Recommended	No
Recommended Action	Drop
Category	APP
Keywords	Nokia firewall IP-box IP box file view tcl script cgi bin cgi-bin
Release Date	2003/07/01
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Nokia IPSO File Access

This signature detects attempts to exploit a known vulnerability in "Voyager", a Web GUI included with Nokia IP-boxes. IPSO 3.6-FCS6 and other versions are vulnerable. Attackers can use Voyager to instruct a CGI script to view the contents of arbitrary files on the system.

Extended Description

It has been reported that Nokia IPSO does not properly handle some types of requests through Voyager. Because of this, an attacker with access to the interface may be able to view potentially sensitive information.

Affected Products

Nokia IPSO 3.3.0
Nokia IPSO 3.3.0 SP1
Nokia IPSO 3.3.0 SP2
Nokia IPSO 3.3.0 SP3
Nokia IPSO 3.3.0 SP4
Nokia IPSO 3.3.1
Nokia IPSO 3.4.0
Nokia IPSO 3.4.1
Nokia IPSO 3.4.2

References

BugTraq: 7426
URL: http://www.securityfocus.com/archive/1/319599/30/0/threaded
URL: http://www.xatrix.org/article.php?s=3265

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Nokia IPSO File Access

Extended Description

Affected Products

References